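/**
 * Decide whether $email may record attendance for event $event.
 *
 * Officers and anyone who can edit events are always allowed. Otherwise the
 * caller must hold the "Section Leader" position, the event must be of type
 * 'sectional', and the event's section must be either 0 or equal to the
 * section derived from the caller's email.
 *
 * @param string     $email caller's email address, as understood by the sibling permission helpers
 * @param string|int $event event number looked up in the `event` table
 * @return bool true when attendance may be recorded; false otherwise, including
 *              when the event row cannot be loaded (denied by default)
 */
function attendancePermission($email, $event)
{
    if (isOfficer($email) || canEditEvents($email)) {
        return true;
    }
    if (!hasPosition($email, "Section Leader")) {
        return false;
    }

    // $event is caller-supplied and is interpolated into a quoted SQL literal;
    // escape it instead of concatenating it raw as the original did.
    $safeEvent = mysql_real_escape_string((string) $event);
    $query = mysql_query("select `section`, `type` from `event` where `eventNo` = '{$safeEvent}'");
    if ($query === false) {
        // Query failed: deny rather than pass false into mysql_fetch_array().
        return false;
    }

    $row = mysql_fetch_array($query);
    if ($row === false || !isset($row['type'])) {
        // No such event: deny.
        return false;
    }
    if ($row['type'] != 'sectional') {
        return false;
    }

    // Loose comparisons are kept on purpose: the driver returns `section` as a
    // string, and the original relied on "0" == 0 for the all-sections case.
    $eventSection = $row['section'];
    if ($eventSection == 0) {
        return true;
    }

    return sectionFromEmail($email) == $eventSection;
}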
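<?php
require_once 'functions.php';

// Deletes one event by number. The caller must be logged in ($USER, presumably
// populated by functions.php) and allowed to edit events; the event number
// arrives via POST.
// NOTE(review): no CSRF token check is visible in this script for a
// state-changing POST — confirm functions.php or the caller enforces one.
if (!$USER) {
    die("Not logged in");
}
if (!canEditEvents($USER)) {
    die("Permission denied");
}
if (!isset($_POST['eventNo'])) {
    die("Missing event number");
}

// `eventNo` is spliced into the statement unquoted (numeric context), where
// mysql_real_escape_string() gives no protection — it only escapes quote and
// control characters. Validate as an integer and reject anything else instead.
$eventNo = filter_var($_POST['eventNo'], FILTER_VALIDATE_INT);
if ($eventNo === false) {
    die("Invalid event number");
}

$sql = "DELETE FROM `event` WHERE `eventNo` = {$eventNo} LIMIT 1";
if (mysql_query($sql) === false) {
    // The original ignored the return value; surface the failure explicitly.
    die("Could not delete event");
}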